Critical Windows RasMan Zero-Day Flaw Exposes Arbitrary Code Execution Risks
A critical vulnerability in Windows' Remote Access Connection Manager (RasMan) allows local attackers to execute arbitrary code with System privileges by exploiting a race condition and a previously unknown zero-day flaw. Microsoft has issued patches for the primary flaw, CVE-2025-59230, but a secondary unpatched vulnerability involving a service crash was exploited to facilitate the attack. Administrators are urged to apply the latest updates immediately.